(54) Method and apparatus for recording of encrypted digital data

(57) A method for transmission and recording of scrambled digital data in which scrambled data is transmitted together with a control word for descrambling of the digital data, the control word Ce itself being encrypted by a first key and transmitted in encrypted form, the scrambled digital data and encrypted control word being received by a decoder 2020 possessing an equivalent of the first key necessary to decrypt the encrypted control word, the decoder being further adapted to pass the digital data in its still scrambled form to a digital recording device 4005 and characterised in that the decrypted control word Ce for descrambling the scrambled data is thereafter re-encrypted by means of a second key C2 stored in a portable support device 4004 adapted to be received by the decoder 2020 and/or digital recording device 4005, the re-encrypted control word being recorded together with the scrambled data on the digital recording medium 4006. When replaying the recording, the control word is decrypted by means of the second key stored on the support means and thereafter used to descramble the recording.
Description

[0001] The present invention relates to a method and apparatus for recording scrambled digital data, for example television broadcasts.

[0002] Transmission of encrypted data is well-known in the field of pay TV systems, where scrambled audiovisual information is broadcast typically by satellite to a number of subscribers, each subscriber possessing a decoder or receiver/decoder capable of descrambling the transmitted program for subsequent viewing.

[0003] In a typical system, scrambled digital data is transmitted together with a control word for descrambling of the digital data, the control word itself being encrypted by a first key and transmitted in encrypted form, the scrambled digital data and encrypted code word being received by a decoder possessing an equivalent of the first key necessary to decrypt the encrypted code word and thereafter descramble the transmitted data, the decoder being further adapted to pass the digital data in its still scrambled form to a digital recording device. A paid-up subscriber will receive on a monthly basis the key necessary to decrypt the encrypted control word so as to permit viewing of a particular program.

[0004] With the advent of digital technology, the quality of the transmitted data has increased many times over. A particular problem associated with digital quality data lies in its ease of reproduction. Where a descrambled program is passed via an analogue link (e.g. the « Peritel » link) for viewing and recording by a standard VCR the quality remains no greater than that associated with a standard analogue cassette recording. The risk that such a recording may be used as a master tape to make pirate copies is thus no greater than with a standard shop bought analogue cassette.

[0005] By way of contrast, any descrambled digital data passed by a direct digital link to one of the new generation of digital recording devices (for example, a DVHS recorder) will be of the same quality as the originally transmitted program and may thus be reproduced any number of times without any degradation of image or sound quality. There is therefore a considerable risk that the descrambled data will be used as a master recording to make pirate copies, either further digital copies or even simple analogue VHS copies.

[0006] French Patent Application 95 03859 shows one way of overcoming this problem, by means of a system in which descrambled digital data is never allowed to be recorded on the digital recording medium. Instead, the decoder described in this application records the data in its scrambled form on the recording medium, together with the control word necessary to descramble the data re-encrypted by means of another key. This new key is known only to the receiver/decoder and replaces the first key needed to obtain the code word for viewing of the program.

[0007] The advantage of such a system is that the data is never stored in a « clear » form and cannot be viewed without possession of the new key, stored in the receiver/decoder. The system also possesses the advantage that, since the first key changes on a monthly basis, the use of a constant key to re-encrypt the control word registered on the digital tape means that the receiver/decoder will still be able to decrypt the control word recorded on the tape even after the end of a subscription month.

[0008] The disadvantage of the system proposed in this patent application is that the recording can only be viewed in conjunction with that particular receiver/decoder. If that decoder breaks down, or is replaced, the recording can no longer be replayed. Equally, it is not possible to play the recording directly in a digital recorder without connecting the receiver/decoder in the system and a viewer must therefore maintain his subscription with the pay TV company in order to keep the decoder so as to be capable of viewing films already transmitted.

[0009] It is an object of the present invention to overcome the problems associated with this solution whilst still enabling secure recording of digital data that cannot be easily used to generate pirate copies of the transmitted data.

[0010] The present invention comprises a method for transmission and recording of scrambled digital data in which scrambled data is transmitted together with a control word for descrambling of the digital data, the control word itself being encrypted by a first key and transmitted in encrypted form, the scrambled digital data and encrypted control word being received by a decoder having access to an equivalent of the first key necessary to decrypt the encrypted control word, the decoder being further adapted to pass the digital data in its still scrambled form to a digital recording device and characterised in that the decrypted control word for descrambling the scrambled data is thereafter re-encrypted by means of a second key stored in a portable support device adapted to be received by the decoder, the re-encrypted control word being recorded together with the scrambled data on the digital recording medium.

[0011] In this way, the present invention overcomes the problems of the prior art since the subsequent replaying of the recorded data becomes independent of the identity of the decoder. When replaying the recording, the control word is decrypted by means of the second key stored on the support means and thereafter used to descramble the recording.

[0012] Replacement of the decoder will not invalidate the recording in question as long as the new decoder has a receptacle for receiving the support device containing the second key. If supplied with a reader for the support device, the digital recorder may itself read the second key and permit replaying of the data without the need for the decoder. Unlike the decoder, which is a relatively complex piece of equipment which may easily break down, the portable support device may be implemented in a simple resistant form.
[0013] In a particularly preferred embodiment the portable support device is a smart card adapted to be received in a smart card reader in the decoder and/or digital recorder. In this application the term « smart card » is used to mean any conventional chip-based card device possessing, for example, microprocessor or EEPROM memory for storing the second key algorithm. Also included in this term are chip devices having alternative physical forms, for example key-shaped devices such as are often used in TV decoder systems.

[0014] In one embodiment, the smart card also contains the equivalent of the first key used to decrypt the control word for the initial descrambling of the data, e.g. for viewing in the case of a television broadcast system. In such a case, the smart card forms part of the pay TV system and may also contain a personalised key known to the transmitter to enable the transmitter to selectively identify which subscribers will receive an updated first key at the end of the month.

[0015] In an alternative embodiment, the second key is stored on a smart card different from that used to store the first key. In such an embodiment, reading of the information stored on the digital medium thus becomes completely separate from the subscriber system and, even after a subscriber has withdrawn from the system and his subscription card withdrawn, he may continue to watch previously recorded films provided the digital recorder/player that he possesses is adapted to read the accompanying smart card.

[0016] In such a system, a single smart card and second key may be used to generate the re-encrypted code word for a plurality of recordings. In such a way, a single « library card » can be used to decrypt any number of recordings.

[0017] In one embodiment, the smart card may also contain a number of credit units to determine how many times the recording may be replayed, the number of units being decremented with each subsequent partial or complete playing of the recording. These credit units may be downloaded in a message together with the transmitted first key, for example.

[0018] In one embodiment the credit units are associated with a particular segment of the recording such that playing a section of the recording, for example the first or last quarter hour of the recording, will decrement certain credit units associated with these sections. Alternatively, the credit units are of a single type and are decremented with the playing of any section of the recording.

[0019] As discussed above, the present invention is particularly applicable to the case where the second key algorithm is stored on a smart card associated with the recording medium. However, in an alternative embodiment, the portable support is defined by the recording itself, the second key being stored in an integrated circuit embedded in the housing of the digital recording medium.



[0020] Such a technique has already been suggested, for example, in the case of DVHS cassettes where a set of metallic contacts may be provided on an exterior surface of the cassette housing, the contacts leading to an electronic circuit such as an integrated circuit or chip in the interior of the housing. These contacts may be engaged by a corresponding set of contacts in the receptacle of the recorder to enable communication between the integrated circuit and the video recorder.

[0021] In such systems, security is still provided despite the fact that the key is carried with the recording, since the key may not easily be copied from within the embedded chip. The variations described above with regard to the smart card embodiments are equally applicable to systems in which the support is defined by the recording housing.

[0022] The present invention is particularly applicable to a method in which the scrambled data represents audiovisual data transmitted in a scrambled television broadcast.

[0023] The terms « scrambled » and « encrypted » and « control word » and « key » have been used here for the purpose of clarity of language. However, it will be understood that no fundamental distinction is to be made between « scrambled data » and « encrypted data » or between a « control word » and a « key ».

[0024] Similarly, whilst the description refers to « receiver/decoders » and « decoders » it will be understood that the present invention applies equally to embodiments having a receiver integrated with the decoder as to a decoder unit functioning in combination with a physically separate receiver.
[0025] A preferred embodiment of the invention will now be described by way of example only and in relation to the attached figures, in which:

Figure 1 shows the overall architecture of a digital television system, as may be adapted by the present invention to interact with a digital recording device;

Figure 2 shows the conditional access system of the television system of Figure 1;

Figure 3 shows the different levels of encryption in the television system;

Figure 4 shows the structure of a transmitted digital packet in the television system, including visual, audio and teletext data and an ECM message component;

Figure 5 shows a first embodiment of the invention including a digital recording device and a smart card containing a second algorithm used to encrypt the code word to be registered on a digital video cassette;

Figure 6 shows a second embodiment of the invention in which the smart card contains both the first and second keys necessary for viewing the transmitted and recorded program, respectively, together with credit units for determining the number of times a program may be watched; and

Figure 7 shows a third embodiment of the invention in which the second key is stored on an integrated circuit mounted in the casing of the digital video cassette.

Digital Television System

[0026] An overview of a digital television broadcast and reception system 1000 adaptable to the present invention is shown in Figure 1. The system includes a mostly conventional digital television system 2000 which uses the known MPEG-2 compression system to transmit compressed digital signals. In more detail, the MPEG-2 compressor 2002 in a broadcast centre receives a digital signal stream (typically a stream of video signals). The compressor 2002 is connected to a multiplexer and scrambler 2004 by linkage 2006. The multiplexer 2004 receives a plurality of further input signals, assembles one or more transport streams and transmits compressed digital signals to a transmitter 2008 of the broadcast centre via linkage 2010, which can of course take a wide variety of forms including telecom links. The transmitter 2008 transmits electromagnetic signals via uplink 2012 towards a satellite transponder 2014, where they are electronically processed and broadcast via notional downlink 2016 to earth receiver 2018, conventionally in the form of a dish owned or rented by the end user. The signals received by receiver 2018 are transmitted to an integrated receiver/decoder 2020 owned or rented by the end user and connected to the end user's television 2022. The receiver/decoder 2020 decodes the compressed MPEG-2 signal into a television signal for the television set 2022.

[0027] A conditional access system 3000 is connected to the multiplexer 2004 and the receiver/decoder 2020, and is located partly in the broadcast centre and partly in the decoder. It enables the end user to access digital television broadcasts from one or more broadcast suppliers. A smartcard, capable of decrypting messages relating to commercial offers (that is, one or several television programmes sold by the broadcast supplier), can be inserted into the receiver/decoder 2020. Using the decoder 2020 and smartcard, the end user may purchase events in either a subscription mode or a pay-per-view mode.

[0028] An interactive system 4000, also connected to the multiplexer 2004 and the receiver/decoder 2020 and again located partly in the broadcast centre and partly in the decoder, enables the end user to interact with various applications via a modemmed back channel 4002.

Conditional Access System

[0029] With reference to Figure 2, the conditional access system 3000 includes a Subscriber Authorization System (SAS) 3002. The SAS 3002 is connected to one or more Subscriber Management Systems (SMS) 3004, one SMS for each broadcast supplier, by a respective TCP-IP link 3006 (although other types of linkage could alternatively be used). Alternatively, one SMS could be shared between two broadcast suppliers, or one supplier could use two SMSs, and so on.

[0030] First encrypting units in the form of ciphering units 3008 utilising « mother » smartcards 3010 are connected to the SAS by linkage 3012. Second encrypting units again in the form of ciphering units 3014 utilizing mother smartcards 3016 are connected to the multiplexer 2004 by linkage 3018. The receiver/decoder 2020 receives a « daughter » smartcard 3020. It is connected directly to the SAS 3002 by Communications Servers 3022 via the modemmed back channel 4002. The SAS sends amongst other things subscription rights to the daughter smartcard on request.

[0031] The smartcards contain the secrets of one or more commercial operators. The « mother » smartcard encrypts different kinds of messages and the « daughter » smartcards decrypt the messages, if they have the rights to do so.

[0032] The first and second ciphering units 3008 and 3014 comprise a rack, an electronic VME card with software stored on an EEPROM, up to 20 electronic cards and one smartcard 3010 and 3016 respectively, for each electronic card, one (card 3016) for encrypting the ECMs and one (card 3010) for encrypting the EMMs.

[0033] As will be described, ECMs or Entitlement Control Messages are encrypted messages embedded in the data stream of a transmitted program and which contain the control word necessary for descrambling of a program. Authorisation of a given receiver/decoder is controlled by EMMs or Entitlement Management Messages, transmitted on a less frequent basis and which supply an authorized receiver/decoder with the key necessary to decode the ECM.

[0034] The operation of the conditional access system 3000 of the digital television system will now be described in more detail with reference to the various components of the television system 2000 and the conditional access system 3000.

Multiplexer and Scrambler

[0035] With reference to Figures 1 and 2, in the broadcast centre, the digital video signal is first compressed (or bit rate reduced), using the MPEG-2 compressor 2002. This compressed signal is then transmitted to the multiplexer and scrambler 2004 via the linkage 2006 in order to be multiplexed with other data, such as other compressed data.

[0036] The scrambler generates a control word Ce used in the scrambling process and included in the MPEG-2 stream in the multiplexer 2004. The control word Ce is generated internally and enables the end user's integrated receiver/decoder 2020 to descramble the programme. Access criteria, indicating how the programme is commercialised, are also added to the MPEG-2 stream. The programme may be commercialised in either one of a number of « subscription » modes and/or one of a number of « Pay Per View » (PPV) modes or events. In the subscription mode, the end user subscribes to one or more commercial offers, or « bouquets », thus getting the rights to watch every channel inside those bouquets. In the preferred embodiment, up to 960 commercial offers may be selected from a bouquet of channels. In the Pay Per View mode, the end user is provided with the capability to purchase events as he wishes. This can be achieved by either pre-booking the event in advance (« pre-book mode »), or by purchasing the event as soon as it is broadcast (« impulse mode »).

EP 0 912 052 A1

[0037] Both the control word Ce and the access criteria are used to build an Entitlement Control Message (ECM); this is a message sent in relation with one scrambled program; the message contains a control word (which allows for the descrambling of the program) and the access criteria of the broadcast program. The access criteria and control word are transmitted to the second encrypting unit 3014 via the linkage 3018. In this unit an ECM is generated, encrypted with a first key Cex and transmitted on to the multiplexer and scrambler 2004.

[0038] Each service broadcast by a broadcast supplier in a data stream comprises a number of distinct components; for example a television programme includes a video component V, an audio component S, a sub-title or teletext component T and so on (see Figure 4). Each of these components of a service is individually scrambled and encrypted for subsequent broadcast to the transponder 2014. In respect of each scrambled component of the service, a separate ECM is required.

Programme Transmission 

[0039] The multiplexer 2004 receives electrical signals comprising encrypted EMMs from the SAS 3002, encrypted ECMs from the second encrypting unit 3014 and compressed programmes from the compressor 2002. The multiplexer 2004 scrambles the programmes and transmits the scrambled programmes, the encrypted EMM (if present) and the encrypted ECMs as electric signals to a transmitter 2008 of the broadcast centre via linkage 2010. The transmitter 2008 transmits electromagnetic signals towards the satellite transponder 2014 via uplink 2012.

Programme Reception 

[0040] The satellite transponder 2014 receives and processes the electromagnetic signals transmitted by the transmitter 2008 and transmits the signals on to the earth receiver 2018, conventionally in the form of a dish owned or rented by the end user, via downlink 2016. The signals received by receiver 2018 are transmitted to the integrated receiver/decoder 2020 owned or rented by the end user and connected to the end user's television set 2022. The receiver/decoder 2020 demultiplexes the signals to obtain scrambled programmes with encrypted EMMs and encrypted ECMs.

[0041] If the programme is not scrambled the receiver/decoder 2020 decompresses the data and transforms the signal into a video signal for transmission to television set 2022.

[0042] If the programme is scrambled, the receiver/decoder 2020 extracts the corresponding ECM from the MPEG-2 stream and passes the ECM to the « daughter » smartcard 3020 of the end user. This slots into a housing in the receiver/decoder 2020. The daughter smartcard 3020 controls whether the end user has the right to decrypt the ECM and to access the programme.

[0043] If not, a negative status is passed to the receiver/decoder 2020 to indicate that the programme cannot be descrambled. If the end user does have the rights, the ECM is decrypted and the control word extracted. The decoder 2020 can then descramble the programme using this control word. The MPEG-2 stream is decompressed and translated into a video signal for onward transmission to television set 2022.

[0044] The levels of encryption used will be described in more detail in relation to Figure 3 below.

Subscriber Management System (SMS)

[0045] A Subscriber Management System (SMS) 3004 includes a database 3024 which manages, amongst others, all of the end user files, commercial offers (such as tariffs and promotions), subscriptions, PPV details, and data regarding end user consumption and authorization. The SMS may be physically remote from the SAS.

[0046] Each SMS 3004 transmits messages to the SAS 3002 via respective linkage 3006 to enable modifications to or creations of Entitlement Management Messages (EMMs) to be transmitted to end users.

[0047] The SMS 3004 also transmits messages to the SAS 3002 which imply no modifications or creations of EMMs but imply only a change in an end user's state (relating to the authorization granted to the end user when ordering products or to the amount that the end user will be charged).

Entitlement Management Messages (EMMs)

[0048] The EMM is a message dedicated to an individual end user (subscriber), or a group of end users (in contrast with an ECM, which is dedicated to one scrambled programme only or a set of scrambled programmes if part of the same commercial offer). A group may contain a given number of end users. This organisation as a group aims at optimising the bandwidth; that is, access to one group can permit the reaching of a great number of end users.

[0049] Various specific types of EMM are used in putting the present invention into practice. Individual EMMs are dedicated to individual subscribers, and are typically used in the provision of Pay Per View services; these contain the group identifier and the position of the subscriber in that group. So-called « Group » subscription EMMs are dedicated to groups of, say, 256 individual users, and are typically used in the administration of some subscription services. This EMM has a group identifier and a subscribers' group bitmap. Audience EMMs are dedicated to entire audiences, and might for example be used by a particular operator to provide certain free services. An « audience » is the totality of subscribers having smartcards which bear the same Operator Identifier (OPI). Finally, a « unique » EMM is addressed to the unique identifier of the smartcard.

Encryption Levels of the System 

[0050] Referring now to Figure 3, the encryption levels in the broadcast system will now be described. The stages of encryption associated with the broadcast of the digital data are shown at 4001, the transmission channel (e.g. a satellite link as described above) at 4002 and the stages of decryption at the receiver at 4003.

[0051] The digital data N is scrambled by a control word Ce before being transmitted to a multiplexer Mp for subsequent transmission. As will be seen from Figure 4, the transmitted data includes an ECM comprising, inter alia, the control word Ce as encrypted by an encrypter Ch1 controlled by a first encryption key Cex. At the receiver/decoder, the signal passes by a demultiplexer DMp and descrambler D before being passed to a television 2022 for viewing. A decryption unit DCh1 also possessing the key Cex decrypts the ECM in the demultiplexed signal to obtain the control word Ce subsequently used to descramble the signal.

[0052] For security reasons, the control word Ce embedded in the encrypted ECM changes on average every 10 seconds or so. In contrast, the first encryption key Cex used by the receiver to decode the ECM is changed every month or so by means of an EMM. The encryption key Cex is encrypted by a second unit ChP using a personalised key Cg corresponding to the identity of the decoder. If the decoder is one of those chosen to receive an updated key Cex, a decryption unit DChP in the decoder will decrypt the message using its key Cg to obtain that month's key Cex.

[0053] The decryption units DChP and DCh1 and the associated keys are held on a smart card provided to the subscriber and inserted in a smart card reader in the decoder. The keys may be generated according to any known symmetric key algorithm, such as DES. Alternative embodiments using public/private key algorithms are equally possible.

Recording of Digital Data

[0054] As set out in the introduction, it is inadvisable for descrambled digital data to be permitted to be recorded in view of the risks that arise in relation to unauthorised copying and piracy. As shown in Figure 5, the present invention provides a means for overcoming this problem.

[0055] The system comprises a smart card 4004, insertable in a smart card slot in the receiver/decoder, together with a digital recorder 4005, e.g. a DVHS recorder, including a digital recording medium 4006, such as a DVHS cassette.

[0056] The decoded control word Ce (together with any other data that forms the ECM, such as access control information etc.) is passed to the microprocessor embedded in the smart card 4004. Using a second encryption key C2 and second encryption algorithm Ch2, the smart card generates a new ECM, indicated as ECM' in the figure. This entitlement message ECM' is then used to replace the ECM in the scrambled data stream from the demultiplexer DMp as shown at 4007 and the combination of scrambled data and new entitlement message ECM' are recorded on the DVHS cassette 4006. The entitlement message ECM' may be inserted in the data stream circulating a shift control register R.

[0057] By this means, the invention avoids recording decoded audiovisual information on the cassette. In order to play the cassette, the card is reinserted in the decoder, the key C2 is used to decode the entitlement message ECM', and the subsequently extracted control word Ce used to control the decoder to descramble the program for viewing.

[0058] In the system shown in Figure 5 the smart card 4004 is different from the smart card 3020 shown in Figure 2 of the television system and which contains the encryption keys necessary for viewing of the program. However, in the alternative embodiment shown in Figure 6, the smart card 3020 contains both the first and second encryption keys Cex and C2 needed for viewing and recording the program. As represented, the key Cex controls the decryption of the ECM to generate the control word Ce used by the descrambler D to view the program and subsequently encrypted by the key C2 to form the new entitlement message ECM'.

[0059] The algorithms DCh1 and DCh2 have not been shown for reasons of space. The card 3020 is in fact usually also initialised with the personalised key Cg (not shown) enabling the decryption of EMMs so as to obtain that month's key Cex stored in the memory of the card. Although the smart card has been shown in the form of a substantially rectangular card, other physical forms, such as key shapes etc., are of course possible.

[0060] The ECM transmitted with the programme and decrypted by the card may also contain credit units U subsequently stored in the card and which control the number of times a recorded film may be viewed. In the simplest embodiment the credit units may be decremented during the replaying of the recorded film every time an ECM' passes by the decoder. Once the number of credits has been decremented to zero, indicating the recording has been viewed a predetermined number of times, a message is sent to the decoder to prevent further viewings of the film, unless the credit units are recharged (by, for example, a charging instruction sent in an EMM).

[0061] In alternative embodiments, the credit units may be decremented every ten or hundred ECM' messages. In still further realisations, the credit units may correspond to certain sections of the film (for example the first or last 10 minutes of the film), such that playing these sections will decrement the credit units associated therewith. The sections can be identified by tagging the ECM' messages in these sections accordingly.
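
The recording and replay flow of paragraphs [0056] to [0061] can be traced end to end in the following added example, which is not code from the patent. It assumes an HMAC-SHA256 construction as a stand-in for the unspecified algorithms Ch1, Ch2 and the scrambler, one credit unit per ECM' (the "simplest embodiment"), and hypothetical names throughout (`seal`, `RecordingCard`, `record`, `replay`).

```python
import hashlib
import hmac
import os
import struct


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Stand-in keystream (HMAC-SHA256 in counter mode); an assumption, not the patent's cipher."""
    out = b""
    for counter in range((n + 31) // 32):
        out += hmac.new(key, b"ks" + nonce + struct.pack(">I", counter), hashlib.sha256).digest()
    return out[:n]


def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC a short message (an ECM or ECM') under `key`."""
    nonce = os.urandom(12)
    body = _xor(plaintext, _keystream(key, nonce, len(plaintext)))
    tag = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify and decrypt a sealed message; a wrong key is rejected, not silently misdecoded."""
    nonce, body, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified message")
    return _xor(body, _keystream(key, nonce, len(body)))


def scramble(ce: bytes, period: int, data: bytes) -> bytes:
    """Scramble or descramble one chunk under control word Ce (XOR is its own inverse)."""
    return _xor(data, _keystream(ce, struct.pack(">Q", period), len(data)))


def broadcast(cex: bytes, chunks):
    """Broadcast centre: a fresh Ce per chunk, carried in an ECM encrypted under Cex."""
    packets = []
    for period, chunk in enumerate(chunks):
        ce = os.urandom(16)
        packets.append((period, seal(cex, ce), scramble(ce, period, chunk)))
    return packets


class RecordingCard:
    """Portable support 4004: holds the second key C2 and the credit units."""

    def __init__(self, c2: bytes, credits: int):
        self._c2 = c2
        self.credits = credits

    def make_ecm_prime(self, ce: bytes) -> bytes:
        """Re-encrypt the decrypted control word under C2 to form ECM'."""
        return seal(self._c2, ce)

    def open_ecm_prime(self, ecm_prime: bytes) -> bytes:
        """Release Ce for replay, spending one credit unit per ECM'."""
        if self.credits <= 0:
            raise PermissionError("credit units exhausted")
        ce = unseal(self._c2, ecm_prime)  # fails before any credit is spent
        self.credits -= 1
        return ce


def record(cex: bytes, card: RecordingCard, packets):
    """Decoder: swap each ECM for ECM'; the payload goes to tape still scrambled."""
    return [(p, card.make_ecm_prime(unseal(cex, ecm)), s) for p, ecm, s in packets]


def replay(card: RecordingCard, tape) -> bytes:
    """Any decoder or recorder with a card reader: only the card's C2 is needed, not Cex."""
    return b"".join(scramble(card.open_ecm_prime(e), p, s) for p, e, s in tape)


if __name__ == "__main__":
    chunks = [b"constructed clear chunk %d " % i for i in range(3)]  # constructed sample data
    cex = os.urandom(16)                               # this month's first key
    card = RecordingCard(os.urandom(16), credits=6)    # enough for two full replays
    tape = record(cex, card, broadcast(cex, chunks))
    del cex                                            # subscription lapses; Cex is gone
    for attempt in (1, 2, 3):
        try:
            print(attempt, replay(card, tape))
        except PermissionError as err:
            print(attempt, "refused:", err)
```
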

[0062] A further embodiment of the invention is shown
in Figure 7. In this embodiment, the generation of the
new entitlement message EMM* is controlled by an integrated
circuit or chip 4008 possessing the second
encryption key C2 and embedded in the casing of the
recorded cassette 4006. Incorporation of a microprocessor
within the housing of the recording medium is a
known technique and has been suggested for example
in the case of DVHS cassettes. In this example, a set of
metallic contacts may be provided on an exterior surface
of the cassette housing, the contacts leading to an
electronic circuit, such as an integrated circuit or chip in
the interior of the housing. These contacts may be
engaged by a corresponding set of contacts in the
receptacle of the recorder to enable communication
between the integrated circuit and the video recorder.

[0063] As will be appreciated, whilst it is straightforward
to copy the recorded (and scrambled) digital data,
the data stored in the chip will be resistant to copying
and, as with the previous embodiments, the scrambled
data will be useless without the key C2 necessary to
unlock the ECM' to obtain the control word used by the
descrambler.

[0064] As will be understood, in all embodiments
described, the elements of the receiver/decoder and the
digital recording device may be combined or interchanged,
such that the digital recorder possesses a
smart card slot for receiving a smart card, for example,
and/or the necessary elements to descramble the program
once the control word Ce has been extracted from
the ECM' message.

Claims 

1. A method for transmission and recording of scrambled
digital data in which scrambled data is transmitted
together with a control word for descrambling
of the digital data, the control word itself being
encrypted by a first key and transmitted in
encrypted form, the scrambled digital data and
encrypted control word being received by a
decoder having access to an equivalent of the first
key necessary to decrypt the encrypted control
word, the decoder being further adapted to pass
the digital data in its still scrambled form to a digital
recording device and characterised in that the
decrypted control word for descrambling the scrambled
data is thereafter re-encrypted by means of a
second key stored in a portable support device
adapted to be received by the decoder, the re-encrypted
control word being recorded together
with the scrambled data on the digital recording
medium.

2. A method as claimed in claim 1 in which the portable
support device is a smart card adapted to be
received in a smart card reader in the decoder
and/or digital recorder.

3. A method as claimed in claim 2 in which the smart
card also contains the equivalent of the first key
used to decrypt the control word for the initial
descrambling of the data.

4. A method as claimed in claim 2 in which the second
key is stored on a smart card different from the
means used by the decoder to store the first key.

5. A method as claimed in any of claims 2 to 4 in which
a single smart card and second key are used to
generate the re-encrypted code word for a plurality
of recordings.

6. A method as claimed in any of claims 2 to 5 in which
the smart card also contains a number of credit
units to determine how many times the recording
may be replayed, the number of units being decremented
with each subsequent partial or complete
playing of the recording.

7. A method as claimed in claim 6 in which the credit
units are associated with a particular segment of
the recording such that playing a section of the
recording decrements certain credits associated
with that section.

8. A method as claimed in claim 7 in which the credit
units are of a single type and are decremented with
the playing of any section of the recording.

9. A method as claimed in claim 1 in which the portable
support is defined by the recording medium
itself, the second key being stored in an integrated
circuit embedded in the housing of the digital
recording medium.

10. An apparatus adapted for transmission and recording
of scrambled digital data as claimed in any of
claims 1 to 9 comprising a transmitter for scrambling
and transmitting digital data together with a
control word for descrambling of the digital data
encrypted by a first key and transmitted in
encrypted form, a decoder for receiving the scrambled
digital data and encrypted code word and having
access to an equivalent of the first key
necessary to decrypt the encrypted code word, and
a portable support device adapted to be received
by the decoder and possessing a second key for
re-encrypting the decrypted code word, the re-encrypted
code word together with the scrambled
data being sent by the decoder to a digital recording
device for recordal on a digital recording medium.

11. A decoder for the apparatus of claim 11 and
adapted for use in the method of any of claims 1 to
9 including a receptacle for receiving a portable
support device possessing a second key for
re-encrypting the decrypted code word.

12. A decoder as claimed in claim 11 integrated with a
digital recording device for registering the re-encrypted
code word and scrambled data on a digital
recording medium.
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